Information Security Policy

Triam Health Limited

1. Introduction

Triam Health Limited (“Triam Health”) is committed to maintaining the confidentiality, integrity, availability, and security of all personal, medical, medico-legal, clinical, and business information processed within the organisation.

This Information Security Policy applies to:

  • Private GP services
  • Aesthetic and cosmetic healthcare services
  • Medico-legal and independent medical expert services
  • Occupational health services
  • Website and digital healthcare systems
  • Staff, contractors, clinicians, and third-party providers

2. Policy Objectives

The objectives of this policy are to:

  • Protect confidential and sensitive information
  • Prevent unauthorised access or disclosure
  • Ensure secure healthcare and medico-legal services
  • Support legal and regulatory compliance
  • Maintain business continuity and resilience

3. Legal & Regulatory Compliance

Triam Health processes information in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Applicable healthcare and medico-legal obligations
  • MedCo requirements where applicable
  • Professional and regulatory standards

4. Technology & Digital Services

Triam Health may use Trikon Digital Ltd as a technology and software services provider for secure case management, communications, cloud hosting, appointment administration, and digital healthcare services.

Certain communications may include:

  • Emails
  • SMS reminders
  • Secure notifications
  • Online forms
  • Digital questionnaires

5. Information Security Responsibilities

Senior management is responsible for:

  • Supporting and approving this policy
  • Ensuring information security governance
  • Supporting legal and regulatory compliance

All staff, clinicians, contractors, and third parties must:

  • Maintain confidentiality
  • Protect information assets
  • Use systems securely
  • Report suspected security incidents immediately

6. Access Control & Authentication

Access to systems and information is restricted to authorised individuals based on legitimate operational, clinical, or medico-legal requirements.

Security measures may include:

  • Role-based access controls
  • Unique user accounts
  • Strong password policies
  • Multi-factor authentication
  • Audit logging and session monitoring

7. Data Security Measures

Triam Health implements appropriate technical and organisational measures including:

  • Secure cloud hosting
  • Encryption of data at rest and in transit
  • Firewall and endpoint protection
  • Malware and antivirus protection
  • Backup and disaster recovery procedures
  • Secure disposal of confidential information

8. Medico-Legal Information Security

Particular care is taken in relation to medico-legal information and independent medical expert services.

  • Information is shared only with authorised parties
  • Reports are handled securely and confidentially
  • Independent medical experts may act as Data Controllers

9. Business Continuity & Incident Management

Triam Health maintains business continuity and disaster recovery arrangements designed to minimise disruption and protect critical systems.

  • Security incidents must be reported immediately
  • Internal procedures are followed for incident management
  • Critical systems are monitored and protected

10. Third-Party Providers & Confidentiality

Third-party providers and contractors with access to confidential information must:

  • Enter into confidentiality agreements
  • Maintain appropriate security standards
  • Comply with data protection obligations

11. Staff Awareness & Training

Triam Health provides appropriate information security and data protection awareness training to staff, clinicians, and contractors.

12. ICO Registrations

Triam Health Limited is registered with the Information Commissioner’s Office (ICO).

ICO Registration Reference: ZC072064

Dr Thiru Sundaresan may also process personal information in his professional capacity as an independent clinician and medical expert.

ICO Registration Reference: ZB880242

13. Policy Approval

Policy Owner: Triam Health Limited

Approved By: Director

Version: 1.2

Date Issued: 01 October 2026

Review Date: 01 October 2027